afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #106 from wazuh/Issue_95-default_configuration

Browse Source 
Adapt configuration to current release
This commit is contained in:
AlfonsoRBJ 2018-12-20 18:22:45 +01:00 committed by GitHub
commit 7644661f1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 592 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
View File

@ -4,7 +4,7 @@ elasticsearch_node_name: node-1
elasticsearch_http_port: 9200 elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1 elasticsearch_network_host: 127.0.0.1
elasticsearch_jvm_xms: null elasticsearch_jvm_xms: null
elastic_stack_version: 6.5.3 elastic_stack_version: 6.5.4
elasticsearch_shards: 5 elasticsearch_shards: 5
elasticsearch_replicas: 1 elasticsearch_replicas: 1
elasticsearch_install_java: yes elasticsearch_install_java: yes

5
roles/elastic-stack/ansible-kibana/defaults/main.yml
View File

@ -3,5 +3,6 @@ elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1" elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0" kibana_server_host: "0.0.0.0"
kibana_server_port: "5601" kibana_server_port: "5601"
elastic_stack_version: 6.5.3 elastic_stack_version: 6.5.4
wazuh_version: 3.7.1 wazuh_version: 3.7.2

2
roles/elastic-stack/ansible-logstash/defaults/main.yml
View File

@ -9,7 +9,7 @@ elasticsearch_network_host: ["Localhost"]
elasticsearch_http_port: "9200" elasticsearch_http_port: "9200"
elasticsearch_shards: 5 elasticsearch_shards: 5
elasticsearch_replicas: 1 elasticsearch_replicas: 1
elastic_stack_version: 6.5.3 elastic_stack_version: 6.5.4
logstash_ssl: false logstash_ssl: false
logstash_ssl_dir: /etc/pki/logstash logstash_ssl_dir: /etc/pki/logstash

87
roles/wazuh/ansible-wazuh-agent/defaults/main.yml
View File

@ -15,8 +15,9 @@ wazuh_agent_authd:
ssl_agent_cert: null ssl_agent_cert: null
ssl_agent_key: null ssl_agent_key: null
ssl_auto_negotiate: 'no' ssl_auto_negotiate: 'no'
wazuh_notify_time: null wazuh_notify_time: '10'
wazuh_time_reconnect: null wazuh_time_reconnect: '60'
wazuh_crypto_method: 'aes'
wazuh_winagent_config: wazuh_winagent_config:
install_dir: 'C:\wazuh-agent\' install_dir: 'C:\wazuh-agent\'
version: '3.7.0' version: '3.7.0'
@ -24,16 +25,26 @@ wazuh_winagent_config:
repo: https://packages.wazuh.com/3.x/windows/ repo: https://packages.wazuh.com/3.x/windows/
md5: 43936e7bc7eb51bd186f47dac4a6f477 md5: 43936e7bc7eb51bd186f47dac4a6f477
wazuh_agent_config: wazuh_agent_config:
active_response_disabled: 'no' active_response:
ar_disabled: 'no'
ca_store: '/var/ossec/etc/wpk_root.pem'
ca_verification: 'yes'
log_format: 'plain' log_format: 'plain'
client_buffer:
disable: 'no'
queue_size: '5000'
events_per_sec: '500'
syscheck: syscheck:
frequency: 43200 frequency: 43200
scan_on_start: 'yes' scan_on_start: 'yes'
auto_ignore: 'no' auto_ignore: 'no'
alert_new_files: 'yes' alert_new_files: 'yes'
remove_old_diff: 'yes'
restart_audit: 'yes'
skip_nfs: 'yes'
ignore: ignore:
- /etc/mtab - /etc/mtab
- /etc/mnttab #- /etc/mnttab
- /etc/hosts.deny - /etc/hosts.deny
- /etc/mail/statistics - /etc/mail/statistics
- /etc/random-seed - /etc/random-seed
@ -45,6 +56,8 @@ wazuh_agent_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
@ -59,10 +72,26 @@ wazuh_agent_config:
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:
disable: 'yes' disable: 'no'
timeout: 1800 timeout: 1800
interval: '1d' interval: '1d'
scan_on_start: 'yes' scan_on_start: 'yes'
osquery:
disable: 'yes'
run_daemon: 'yes'
log_path: '/var/log/osquery/osqueryd.results.log'
config_path: '/etc/osquery/osquery.conf'
ad_labels: 'yes'
syscollector:
disable: 'no'
interval: '1h'
scan_on_start: 'yes'
hardware: 'yes'
os: 'yes'
network: 'yes'
packages: 'yes'
ports_no: 'yes'
processes: 'yes'
cis_cat: cis_cat:
disable: 'yes' disable: 'yes'
install_java: 'yes' install_java: 'yes'
@ -74,7 +103,7 @@ wazuh_agent_config:
content: content:
- type: 'xccdf' - type: 'xccdf'
path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
vuls: vuls:
disable: 'yes' disable: 'yes'
interval: '1d' interval: '1d'
@ -86,18 +115,34 @@ wazuh_agent_config:
- 'nvd-year 2016' - 'nvd-year 2016'
- 'autoupdate' - 'autoupdate'
localfiles: localfiles:
- format: 'syslog' debian:
location: '/var/log/messages' - format: 'syslog'
- format: 'syslog' location: '/var/log/auth.log'
location: '/var/log/secure' - format: 'syslog'
- format: 'syslog' location: '/var/log/syslog'
location: 'var/log/auth.log' - format: 'syslog'
- format: 'command' location: '/var/log/dpkg.log'
command: 'df -P' - format: 'syslog'
frequency: '360' location: '/var/log/kern.log'
- format: 'full_command' centos:
command: 'netstat -tln | grep -v 127.0.0.1 | sort' - format: 'syslog'
frequency: '360' location: '/var/log/messages'
- format: 'full_command' - format: 'syslog'
command: 'last -n 20' location: '/var/log/secure'
frequency: '360' - format: 'syslog'
location: '/var/log/maillog'
- format: 'audit'
location: '/var/log/audit/audit.log'
common:
- format: 'syslog'
location: '/var/ossec/logs/active-responses.log'
- format: 'command'
command: 'df -P'
frequency: '360'
- format: 'full_command'
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
alias: 'netstat listening ports'
frequency: '360'
- format: 'full_command'
command: 'last -n 20'
frequency: '360'

79
roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
View File

@ -29,14 +29,22 @@
<time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect> <time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect>
{% endif %} {% endif %}
<auto_restart>{{ wazuh_auto_restart }}</auto_restart> <auto_restart>{{ wazuh_auto_restart }}</auto_restart>
<crypto_method>{{ wazuh_crypto_method }}</crypto_method>
</client> </client>
<client_buffer>
<!-- Agent buffer options -->
<disabled>{{ wazuh_agent_config.client_buffer.disable }}</disabled>
<queue_size>{{ wazuh_agent_config.client_buffer.queue_size }}</queue_size>
<events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
</client_buffer>
<logging> <logging>
<log_format>{{ wazuh_agent_config.log_format }}</log_format> <log_format>{{ wazuh_agent_config.log_format }}</log_format>
</logging> </logging>
<active-response> <active-response>
<disabled>{{ wazuh_agent_config.active_response_disabled|default('no') }}</disabled> <disabled>{{ wazuh_agent_config.active_response.ar|default('no') }}</disabled>
<ca_store>{{ wazuh_agent_config.active_response.ca_store }}</ca_store>
<ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
</active-response> </active-response>
{% if wazuh_agent_config.rootcheck is defined %} {% if wazuh_agent_config.rootcheck is defined %}
@ -74,15 +82,18 @@
</rootcheck> </rootcheck>
{% endif %} {% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_agent_config.syscheck is defined %} {% if wazuh_agent_config.syscheck is defined %}
<syscheck> <syscheck>
<disabled>no</disabled> <disabled>no</disabled>
{% if ansible_system == "Linux" %} {% if ansible_system == "Linux" %}
<directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> <!-- #<directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories> -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
{% endif %} {% endif %}
<auto_ignore>{{ wazuh_agent_config.syscheck.auto_ignore }}</auto_ignore> <auto_ignore>{{ wazuh_agent_config.syscheck.auto_ignore }}</auto_ignore>
<alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> <!-- #<alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files> -->
<!-- Frequency that syscheck is executed -- default every 20 hours --> <!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency> <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start> <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
@ -105,7 +116,14 @@
{% for no_diff in wazuh_agent_config.syscheck.no_diff %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff> <nodiff>{{ no_diff }}</nodiff>
{% endfor %} {% endfor %}
<skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
<!-- Remove not monitored files -->
<remove_old_diff>{{ wazuh_agent_config.syscheck.remove_old_diff }}</remove_old_diff>
<!-- Allow the system to restart Auditd after installing the plugin -->
<restart_audit>{{ wazuh_agent_config.syscheck.restart_audit }}</restart_audit>
{% if ansible_os_family == "Windows" %} {% if ansible_os_family == "Windows" %}
{% for registry_key in wazuh_agent_config.syscheck.windows_registry %} {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
{% if registry_key.arch is defined %} {% if registry_key.arch is defined %}
@ -191,6 +209,30 @@
</wodle> </wodle>
{% endif %} {% endif %}
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>{{ wazuh_agent_config.osquery.disable }}</disabled>
<run_daemon>{{ wazuh_agent_config.osquery.run_daemon }}</run_daemon>
<log_path>{{ wazuh_agent_config.osquery.log_path }}</log_path>
<config_path>{{ wazuh_agent_config.osquery.config_path }}</config_path>
<add_labels>{{ wazuh_agent_config.osquery.ad_labels }}</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>{{ wazuh_agent_config.syscollector.disable }}</disabled>
<interval>{{ wazuh_agent_config.syscollector.interval }}</interval>
<scan_on_start>{{ wazuh_agent_config.syscollector.scan_on_start }}</scan_on_start>
<hardware>{{ wazuh_agent_config.syscollector.hardware }}</hardware>
<os>{{ wazuh_agent_config.syscollector.os }}</os>
<network>{{ wazuh_agent_config.syscollector.network }}</network>
<packages>{{ wazuh_agent_config.syscollector.packages }}</packages>
<ports all="no">{{ wazuh_agent_config.syscollector.ports_no }}</ports>
<processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
</wodle>
{% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
<disabled>no</disabled> <disabled>no</disabled>
@ -203,7 +245,7 @@
{% endif %} {% endif %}
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_agent_config.localfiles %} {% for localfile in wazuh_agent_config.localfiles.common %}
<localfile> <localfile>
<log_format>{{ localfile.format }}</log_format> <log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
@ -215,4 +257,31 @@
</localfile> </localfile>
{% endfor %} {% endfor %}
{% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_agent_config.localfiles.debian %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% else %}
<location>{{ localfile.location }}</location>
{% endif %}
</localfile>
{% endfor %}
{% endif %}
{% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_agent_config.localfiles.centos %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
<frequency>{{ localfile.frequency }}</frequency>
{% else %}
<location>{{ localfile.location }}</location>
{% endif %}
</localfile>
{% endfor %}
{% endif %}
</ossec_config> </ossec_config>

109
roles/wazuh/ansible-wazuh-manager/defaults/main.yml
View File

@ -41,6 +41,7 @@ wazuh_manager_config:
- type: 'secure' - type: 'secure'
port: '1514' port: '1514'
protocol: 'udp' protocol: 'udp'
queue_size: 131072
authd: authd:
enable: true enable: true
port: 1515 port: 1515
@ -59,6 +60,8 @@ wazuh_manager_config:
- 'admin@example.net' - 'admin@example.net'
mail_smtp_server: localhost mail_smtp_server: localhost
mail_from: wazuh-server@example.com mail_from: wazuh-server@example.com
mail_maxperhour: 12
mail_queue_size: 131072
extra_emails: extra_emails:
- enable: false - enable: false
mail_to: 'admin@example.net' mail_to: 'admin@example.net'
@ -82,13 +85,13 @@ wazuh_manager_config:
user: null user: null
showlogs: null showlogs: null
syscheck: syscheck:
disable: 'no'
frequency: 43200 frequency: 43200
scan_on_start: 'yes' scan_on_start: 'yes'
auto_ignore: 'no' auto_ignore: 'no'
alert_new_files: 'yes' alert_new_files: 'yes'
ignore: ignore:
- /etc/mtab - /etc/mtab
- /etc/mnttab
- /etc/hosts.deny - /etc/hosts.deny
- /etc/mail/statistics - /etc/mail/statistics
- /etc/random-seed - /etc/random-seed
@ -100,13 +103,22 @@ wazuh_manager_config:
- /etc/cups/certs - /etc/cups/certs
- /etc/dumpdates - /etc/dumpdates
- /etc/svc/volatile - /etc/svc/volatile
- /sys/kernel/security
- /sys/kernel/debug
no_diff: no_diff:
- /etc/ssl/private.key - /etc/ssl/private.key
directories: directories:
- dirs: /etc,/usr/bin,/usr/sbin - dirs: /etc,/usr/bin,/usr/sbin
checks: 'check_all="yes"' checks: 'check_all="yes"'
- dirs: /bin,/sbin - dirs: /bin,/sbin,/boot
checks: 'check_all="yes"' checks: 'check_all="yes"'
auto_ignore_frequency:
frequency: 'frequency="10"'
timeframe: 'timeframe="3600"'
value: 'no'
skip_nfs: 'yes'
remove_old_diff: 'yes'
restart_audit: 'yes'
rootcheck: rootcheck:
frequency: 43200 frequency: 43200
openscap: openscap:
@ -121,11 +133,41 @@ wazuh_manager_config:
interval: '1d' interval: '1d'
scan_on_start: 'yes' scan_on_start: 'yes'
java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
ciscat_path: '/var/ossec/wodles/ciscat' ciscat_path: 'wodles/ciscat'
content: content:
- type: 'xccdf' - type: 'xccdf'
path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server' profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
osquery:
disable: 'yes'
run_daemon: 'yes'
log_path: '/var/log/osquery/osqueryd.results.log'
config_path: '/etc/osquery/osquery.conf'
ad_labels: 'yes'
syscollector:
disable: 'no'
interval: '1h'
scan_on_start: 'yes'
hardware: 'yes'
os: 'yes'
network: 'yes'
packages: 'yes'
ports_no: 'yes'
processes: 'yes'
vul_detector:
disable: 'yes'
interval: '5m'
ignore_time: '6h'
run_on_start: 'yes'
ubuntu:
disable: 'yes'
update_interval: '1h'
redhat:
disable: 'yes'
update_interval: '1h'
debian:
disable: 'yes'
update_interval: '1h'
vuls: vuls:
disable: 'yes' disable: 'yes'
interval: '1d' interval: '1d'
@ -139,21 +181,36 @@ wazuh_manager_config:
log_level: 1 log_level: 1
email_level: 12 email_level: 12
localfiles: localfiles:
- format: 'syslog' common:
location: '/var/log/auth.log' - format: 'command'
- format: 'syslog' command: 'df -P'
location: '/var/log/messages' frequency: '360'
- format: 'syslog' - format: 'full_command'
location: '/var/log/secure' command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
- format: 'command' alias: 'netstat listening ports'
command: 'df -P' frequency: '360'
frequency: '360' - format: 'full_command'
- format: 'full_command' command: 'last -n 20'
command: 'netstat -tln | grep -v 127.0.0.1 | sort' - format: 'syslog'
frequency: '360' location: '/var/ossec/logs/active-responses.log'
- format: 'full_command' debian:
command: 'last -n 20' - format: 'syslog'
frequency: '360' location: '/var/log/auth.log'
- format: 'syslog'
location: '/var/log/syslog'
- format: 'syslog'
location: '/var/log/dpkg.log'
- format: 'syslog'
location: '/var/log/kern.log'
centos:
- format: 'syslog'
location: '/var/log/messages'
- format: 'syslog'
location: '/var/log/secure'
- format: 'syslog'
location: '/var/log/maillog'
- format: 'audit'
location: '/var/log/audit/audit.log'
globals: globals:
- '127.0.0.1' - '127.0.0.1'
- '192.168.2.1' - '192.168.2.1'
@ -162,10 +219,10 @@ wazuh_manager_config:
executable: 'disable-account.sh' executable: 'disable-account.sh'
expect: 'user' expect: 'user'
timeout_allowed: 'yes' timeout_allowed: 'yes'
- name: 'restart-ossec' #- name: 'restart-ossec'
executable: 'restart-ossec.sh' # executable: 'restart-ossec.sh'
expect: '' # expect: ''
timeout_allowed: 'no' # timeout_allowed: 'no'
- name: 'win_restart-ossec' - name: 'win_restart-ossec'
executable: 'restart-ossec.cmd' executable: 'restart-ossec.cmd'
expect: '' expect: ''
@ -186,6 +243,14 @@ wazuh_manager_config:
executable: 'route-null.cmd' executable: 'route-null.cmd'
expect: 'srcip' expect: 'srcip'
timeout_allowed: 'yes' timeout_allowed: 'yes'
- name: 'netsh'
executable: 'netsh.cmd'
expect: 'srcip'
timeout_allowed: 'yes'
- name: 'netsh-win-2016'
executable: 'netsh-win-2016.cmd'
expect: 'srcip'
timeout_allowed: 'yes'
ruleset: ruleset:
rules_path: 'custom_ruleset/rules/' rules_path: 'custom_ruleset/rules/'
decoders_path: 'custom_ruleset/decoders/' decoders_path: 'custom_ruleset/decoders/'

415
roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
View File

@ -21,47 +21,14 @@
{% endfor %} {% endfor %}
<smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server> <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
<email_from>{{ wazuh_manager_config.mail_from }}</email_from> <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
<email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
<queue_size>{{ wazuh_manager_config.mail_queue_size }}</queue_size>
</global> </global>
<cluster> <alerts>
<disabled>{{ wazuh_manager_config.cluster.disable }}</disabled> <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
<name>{{ wazuh_manager_config.cluster.name }}</name> <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
<node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name> </alerts>
<node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
<key>{{ wazuh_manager_config.cluster.key }}</key>
{% if wazuh_manager_config.cluster.interval is defined %}
<interval>{{ wazuh_manager_config.cluster.interval }}</interval>
{% endif %}
<port>{{ wazuh_manager_config.cluster.port }}</port>
<bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
<nodes>
{% for node in wazuh_manager_config.cluster.nodes %}
<node>{{ node }}</node>
{% endfor %}
</nodes>
<hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
</cluster>
<logging>
<log_format>{{ wazuh_manager_config.log_format }}</log_format>
</logging>
{% if wazuh_manager_config.authd.enable == true %}
<auth>
<disabled>no</disabled>
{% if wazuh_manager_config.authd.port is not none %}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}
{% if wazuh_manager_config.authd.use_source_ip is not none %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}
{% if wazuh_manager_config.authd.force_insert is not none %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}
{% if wazuh_manager_config.authd.force_time is not none %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}
{% if wazuh_manager_config.authd.purge is not none %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}
{% if wazuh_manager_config.authd.use_password is not none %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is not none %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is not none %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is not none %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}
</auth>
{% endif %}
{% if wazuh_manager_config.extra_emails is defined %} {% if wazuh_manager_config.extra_emails is defined %}
{% for mail in wazuh_manager_config.extra_emails %} {% for mail in wazuh_manager_config.extra_emails %}
@ -94,6 +61,32 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>{{ wazuh_manager_config.log_format }}</log_format>
</logging>
<remote>
{% for connection in wazuh_manager_config.connection %}
<connection>{{ connection.type }}</connection>
{% if connection.port is defined %}<port>{{ connection.port }}</port>{% endif %}
{% if connection.protocol is defined %}<protocol>{{ connection.protocol }}</protocol>{% endif %}
{% if connection.allowed_ips is defined %}
{% for allowed_ip in connection.allowed_ips %}
<allowed-ips>{{ allowed_ip }}</allowed-ips>
{% endfor %}
{% endif %}
{% if connection.denied_ips is defined %}
{% for denied_ip in connection.denied_ips %}
<denied-ips>{{ denied_ip }}</denied-ips>
{% endfor %}
{% endif %}
{% if connection.local_ip is defined %}<local_ip>{{ connection.local_ip }}</local_ip>{% endif %}
{% if connection.ipv6 is defined %}<ipv6>{{ connection.ipv6 }}</ipv6>{% endif %}
{% if connection.queue_size is defined %}<queue_size>{{connection.queue_size}}</queue_size>{% endif %}
{% endfor %}
</remote>
{% if wazuh_manager_config.reports is defined %} {% if wazuh_manager_config.reports is defined %}
{% for report in wazuh_manager_config.reports %} {% for report in wazuh_manager_config.reports %}
{% if report.enable == true %} {% if report.enable == true %}
@ -113,32 +106,8 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<alerts>
<log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
<email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
</alerts>
<remote>
{% for connection in wazuh_manager_config.connection %}
<connection>{{ connection.type }}</connection>
{% if connection.port is defined %}<port>{{ connection.port }}</port>{% endif %}
{% if connection.protocol is defined %}<protocol>{{ connection.protocol }}</protocol>{% endif %}
{% if connection.allowed_ips is defined %}
{% for allowed_ip in connection.allowed_ips %}
<allowed-ips>{{ allowed_ip }}</allowed-ips>
{% endfor %}
{% endif %}
{% if connection.denied_ips is defined %}
{% for denied_ip in connection.denied_ips %}
<denied-ips>{{ denied_ip }}</denied-ips>
{% endfor %}
{% endif %}
{% if connection.local_ip is defined %}<local_ip>{{ connection.local_ip }}</local_ip>{% endif %}
{% if connection.ipv6 is defined %}<ipv6>{{ connection.ipv6 }}</ipv6>{% endif %}
{% if connection.queue_size is defined %}<queue_size>{{ connection.queue_size }}</queue_size>{% endif %}
{% endfor %}
</remote>
<!-- Policy monitoring -->
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
<check_unixaudit>yes</check_unixaudit> <check_unixaudit>yes</check_unixaudit>
@ -164,34 +133,7 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
</rootcheck> </rootcheck>
<syscheck> {% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
<auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_manager_config.syscheck.directories is defined %}
{% for directory in wazuh_manager_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_manager_config.syscheck.ignore is defined %}
{% for ignore in wazuh_manager_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- Files no diff -->
{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
</syscheck>
{% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
<wodle name="open-scap"> <wodle name="open-scap">
<disabled>no</disabled> <disabled>no</disabled>
<timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout> <timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout>
@ -244,14 +186,13 @@
</wodle> </wodle>
{% endif %} {% endif %}
{% if wazuh_manager_config.cis_cat.disable == 'no' %}
<wodle name="cis-cat"> <wodle name="cis-cat">
<disabled>no</disabled> <disabled>{{ wazuh_manager_config.cis_cat.disable}}</disabled>
<timeout>{{ wazuh_manager_config.cis_cat.timeout }}</timeout> <timeout>{{ wazuh_manager_config.cis_cat.timeout }}</timeout>
<interval>{{ wazuh_manager_config.cis_cat.interval }}</interval> <interval>{{ wazuh_manager_config.cis_cat.interval }}</interval>
<scan-on-start>{{ wazuh_manager_config.cis_cat.scan_on_start }}</scan-on-start> <scan-on-start>{{ wazuh_manager_config.cis_cat.scan_on_start }}</scan-on-start>
{% if wazuh_manager_config.cis_cat.install_java == 'yes' %} {% if wazuh_manager_config.cis_cat.install_java == 'yes' %}
<java_path>/usr/bin</java_path> <java_path>wodles/java</java_path>
{% else %} {% else %}
<java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path> <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>
{% endif %} {% endif %}
@ -262,7 +203,173 @@
</content> </content>
{% endfor %} {% endfor %}
</wodle> </wodle>
{% endif %}
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>{{ wazuh_manager_config.osquery.disable }}</disabled>
<run_daemon>{{ wazuh_manager_config.osquery.run_daemon }}</run_daemon>
<log_path>{{ wazuh_manager_config.osquery.log_path }}</log_path>
<config_path>{{ wazuh_manager_config.osquery.config_path }}</config_path>
<add_labels>{{ wazuh_manager_config.osquery.ad_labels }}</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>{{ wazuh_manager_config.syscollector.disable }}</disabled>
<interval>{{ wazuh_manager_config.syscollector.interval }}</interval>
<scan_on_start>{{ wazuh_manager_config.syscollector.scan_on_start }}</scan_on_start>
<hardware>{{ wazuh_manager_config.syscollector.hardware }}</hardware>
<os>{{ wazuh_manager_config.syscollector.os }}</os>
<network>{{ wazuh_manager_config.syscollector.network }}</network>
<packages>{{ wazuh_manager_config.syscollector.packages }}</packages>
<ports all="no">{{ wazuh_manager_config.syscollector.ports_no }}</ports>
<processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
</wodle>
<wodle name="vulnerability-detector">
<disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
<interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>
<ignore_time>{{ wazuh_manager_config.vul_detector.ignore_time }}</ignore_time>
<run_on_start>{{ wazuh_manager_config.vul_detector.run_on_start }}</run_on_start>
<feed name="ubuntu-18">
<disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
</feed>
<feed name="redhat-7">
<disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
</feed>
<feed name="debian-9">
<disabled>{{ wazuh_manager_config.vul_detector.debian.disable }}</disabled>
<update_interval>{{ wazuh_manager_config.vul_detector.debian.update_interval }}</update_interval>
</feed>
</wodle>
<!-- File integrity monitoring -->
<syscheck>
<disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
<auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
<alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
<!-- Frequency that syscheck is executed -- default every 20 hours -->
<frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
<scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
<!-- Don't ignore files that change more than 'frequency' times -->
{% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %}
<auto_ignore {{ wazuh_manager_config.syscheck.auto_ignore_frequency.frequency }} {{ wazuh_manager_config.syscheck.auto_ignore_frequency.timeframe }}>{{wazuh_manager_config.syscheck.auto_ignore_frequency.value }}</auto_ignore>
{% endif %}
<!-- Directories to check (perform all possible verifications) -->
{% if wazuh_manager_config.syscheck.directories is defined %}
{% for directory in wazuh_manager_config.syscheck.directories %}
<directories {{ directory.checks }}>{{ directory.dirs }}</directories>
{% endfor %}
{% endif %}
<!-- Files/directories to ignore -->
{% if wazuh_manager_config.syscheck.ignore is defined %}
{% for ignore in wazuh_manager_config.syscheck.ignore %}
<ignore>{{ ignore }}</ignore>
{% endfor %}
{% endif %}
<!-- Files no diff -->
{% for no_diff in wazuh_manager_config.syscheck.no_diff %}
<nodiff>{{ no_diff }}</nodiff>
{% endfor %}
{% if wazuh_manager_config.syscheck.skip_nfs is defined %}
<skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
{% endif %}
<!-- Remove not monitored files -->
{% if wazuh_manager_config.syscheck.remove_old_diff is defined %}
<remove_old_diff>{{ wazuh_manager_config.syscheck.remove_old_diff }}</remove_old_diff>
{% endif %}
<!-- Allow the system to restart Auditd after installing the plugin -->
{% if wazuh_manager_config.syscheck.restart_audit is defined %}
<restart_audit>{{ wazuh_manager_config.syscheck.restart_audit }}</restart_audit>
{% endif %}
</syscheck>
<global>
{% for white_list in wazuh_manager_config.globals %}
<white_list>{{ white_list }}</white_list>
{% endfor %}
</global>
{% for command in wazuh_manager_config.commands %}
<command>
<name>{{ command.name }}</name>
<executable>{{ command.executable }}</executable>
<expect>{{ command.expect }}</expect>
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
</command>
{% endfor %}
<!--
<active-response>
active-response options here
</active-response>
-->
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
{% if wazuh_manager_config.rule_exclude is defined %}
{% for rule in wazuh_manager_config.rule_exclude %}
<rule_exclude>{{ rule }}</rule_exclude>
{% endfor %}
{% endif %}
{% if cdb_lists is defined %}
{% for list in cdb_lists %}
<list>etc/lists/{{ list.name }}</list>
{% endfor %}
{% endif %}
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
{% if wazuh_manager_config.authd.enable == true %}
<auth>
<disabled>no</disabled>
{% if wazuh_manager_config.authd.port is not none %}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}
{% if wazuh_manager_config.authd.use_source_ip is not none %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}
{% if wazuh_manager_config.authd.force_insert is not none %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}
{% if wazuh_manager_config.authd.force_time is not none %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}
{% if wazuh_manager_config.authd.purge is not none %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}
{% if wazuh_manager_config.authd.use_password is not none %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}
{% if wazuh_manager_config.authd.ssl_agent_ca is not none %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}
{% if wazuh_manager_config.authd.ssl_verify_host is not none %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_cert is not none %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}
{% if wazuh_manager_config.authd.ssl_manager_key is not none %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}
{% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}
</auth>
{% endif %}
<cluster>
<disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
<name>{{ wazuh_manager_config.cluster.name }}</name>
<node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
<node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
<key>{{ wazuh_manager_config.cluster.key }}</key>
{% if wazuh_manager_config.cluster.interval is defined %}
<interval>{{ wazuh_manager_config.cluster.interval }}</interval>
{% endif %}
<port>{{ wazuh_manager_config.cluster.port }}</port>
<bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
<nodes>
{% for node in wazuh_manager_config.cluster.nodes %}
<node>{{ node }}</node>
{% endfor %}
</nodes>
<hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
</cluster>
{% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %} {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %}
<wodle name="command"> <wodle name="command">
@ -290,43 +397,8 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<global>
{% for white_list in wazuh_manager_config.globals %}
<white_list>{{ white_list }}</white_list>
{% endfor %}
</global>
{% for command in wazuh_manager_config.commands %} <!-- Active Response Config
<command>
<name>{{ command.name }}</name>
<executable>{{ command.executable }}</executable>
<expect>{{ command.expect }}</expect>
<timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
</command>
{% endfor %}
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
{% if wazuh_manager_config.rule_exclude is defined %}
{% for rule in wazuh_manager_config.rule_exclude %}
<rule_exclude>{{ rule }}</rule_exclude>
{% endfor %}
{% endif %}
{% if cdb_lists is defined %}
{% for list in cdb_lists %}
<list>etc/lists/{{ list.name }}</list>
{% endfor %}
{% endif %}
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
<!-- Active Response Config -->
{% for response in wazuh_manager_config.active_responses %} {% for response in wazuh_manager_config.active_responses %}
<active-response> <active-response>
<disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled> <disabled>{% if response.disabled is defined %}{{ response.disabled }}{% else %}no{% endif %}</disabled>
@ -340,9 +412,10 @@
{%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %} {%if response.repeated_offenders is defined %}<repeated_offenders>{{ response.repeated_offenders }}</repeated_offenders>{% endif %}
</active-response> </active-response>
{% endfor %} {% endfor %}
-->
<!-- Files to monitor (localfiles) --> <!-- Files to monitor (localfiles) -->
{% for localfile in wazuh_manager_config.localfiles %} {% for localfile in wazuh_manager_config.localfiles.common %}
<localfile> <localfile>
<log_format>{{ localfile.format }}</log_format> <log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %} {% if localfile.format == 'command' or localfile.format == 'full_command' %}
@ -378,6 +451,82 @@
</localfile> </localfile>
{% endfor %} {% endfor %}
{% if ansible_os_family == "Debian" %}
{% for localfile in wazuh_manager_config.localfiles.debian %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% if localfile.frequency is defined %}
<frequency>{{ localfile.frequency }}</frequency>
{% endif %}
{% else %}
<location>{{ localfile.location }}</location>
{% if localfile.format == 'eventchannel' %}
{% if localfile.only_future_events is defined %}
<only-future-events>{{ localfile.only_future_events }}</only_future_events>
{% endif %}
{% if localfile.query is defined %}
<query>{{ localfile.query }}</query>
{% endif %}
{% endif %}
{% endif %}
{% if localfile.format == 'json' and localfile.labels is defined %}
{% for key, value in localfile.labels.iteritems() %}
<label key="{{ key }}">{{ value }}</label>
{% endfor %}
{% endif %}
{% if localfile.target is defined %}
<target>{{ localfile.target }}</target>
{% endif %}
{% if localfile.out_format is defined %}
<out_format>{{ localfile.out_format }}</out_format>
{% endif %}
</localfile>
{% endfor %}
{% endif %}
{% if ansible_os_family == "RedHat" %}
{% for localfile in wazuh_manager_config.localfiles.centos %}
<localfile>
<log_format>{{ localfile.format }}</log_format>
{% if localfile.format == 'command' or localfile.format == 'full_command' %}
<command>{{ localfile.command }}</command>
{% if localfile.alias is defined %}
<alias>{{ localfile.alias }}</alias>
{% endif %}
{% if localfile.frequency is defined %}
<frequency>{{ localfile.frequency }}</frequency>
{% endif %}
{% else %}
<location>{{ localfile.location }}</location>
{% if localfile.format == 'eventchannel' %}
{% if localfile.only_future_events is defined %}
<only-future-events>{{ localfile.only_future_events }}</only_future_events>
{% endif %}
{% if localfile.query is defined %}
<query>{{ localfile.query }}</query>
{% endif %}
{% endif %}
{% endif %}
{% if localfile.format == 'json' and localfile.labels is defined %}
{% for key, value in localfile.labels.iteritems() %}
<label key="{{ key }}">{{ value }}</label>
{% endfor %}
{% endif %}
{% if localfile.target is defined %}
<target>{{ localfile.target }}</target>
{% endif %}
{% if localfile.out_format is defined %}
<out_format>{{ localfile.out_format }}</out_format>
{% endif %}
</localfile>
{% endfor %}
{% endif %}
{% if wazuh_manager_config.syslog_outputs is defined %} {% if wazuh_manager_config.syslog_outputs is defined %}
{% for syslog_output in wazuh_manager_config.syslog_outputs %} {% for syslog_output in wazuh_manager_config.syslog_outputs %}
{% if syslog_output.server is not none %} {% if syslog_output.server is not none %}

78
roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
View File

@ -7,3 +7,81 @@ cdb_lists:
audit-wazuh-a:attribute audit-wazuh-a:attribute
audit-wazuh-x:execute audit-wazuh-x:execute
audit-wazuh-c:command audit-wazuh-c:command
- name: 'aws-source'
content: |
ec2.amazonaws.com:
elasticloadbalancing.amazonaws.com:
iam.amazonaws.com:
signin.amazonaws.com:
kms.amazonaws.com:
s3.amazonaws.com:
- name: 'aws-eventnames'
content: |
AddUserToGroup:
AllocateAddress:
AssociateAddress:
AssociateDhcpOptions:
AssociateRouteTable:
AttachGroupPolicy:
AttachNetworkInterface:
AttachRolePolicy:
AttachUserPolicy:
AttachVolume:
AuthorizeSecurityGroupIngress:
ConsoleLogin:
CopySnapshot:
CreateAccountAlias:
CreateGroup:
CreateImage:
CreateLoadBalancer:
CreatePlacementGroup:
CreatePolicy:
CreateRole:
CreateRouteTable:
CreateSecurityGroup:
CreateSnapshot:
CreateSubnet:
CreateTags:
CreateUser:
CreateVolume:
CreateVpc:
DeleteAccountAlias:
DeleteLoadBalancer:
DeletePlacementGroup:
DeleteSecurityGroup:
DeleteSnapshot:
DeleteTags:
DeleteUser:
DeleteVolume:
DeregisterImage:
DetachGroupPolicy:
DetachNetworkInterface:
DetachRolePolicy:
DetachVolume:
DisableKey:
DisassociateAddress:
DisassociateAddress:
DisassociateRouteTable:
GetGroup:
ListAliases:
ListGroups:
ListUsers:
ModifyImageAttribute:
ModifyInstanceAttribute:
ModifyNetworkInterfaceAttribute:
ModifySnapshotAttribute:
ModifySubnetAttribute:
ModifyVolumeAttribute:
MonitorInstances:
RebootInstances:
RegisterImage:
RemoveUserFromGroup:
RevokeSecurityGroupIngress:
RunInstances:
StartInstances:
StopInstances:
TerminateInstances:
UnmonitorInstances:
UpdateAccessKey:
UpdateAccountPasswordPolicy:
UpdateInstanceAlias: